Armanino Blog
Article

Developing An Internal Control Manual

by Ronald Steinkamp
March 26, 2014

Many times problems arise at governmental entities due to the lack of appropriate internal controls or failure to follow already established internal controls. Here are two particular instances discovered when assisting government entities with internal audit and fraud investigations:

City X did not have internal controls established to ensure that recreational league fees paid to the parks department were properly safeguarded, accounted for and deposited. The city parks director collected these fees and was responsible for depositing them into the city bank account — without any additional oversight. As a result, the city parks director was able to steal approximately $15,000 over a three-year period in fees paid by residents for recreational leagues.

City Y had established internal controls that were documented in its policies and procedures manual, over the drawdown of federal grant funds it was owed. However, the manual was seldom referred to and eventually forgotten over time. So, City Y was actively looking into finding out why they had failed to draw down in a timely manner more than $6 million in federal funds owed. It was discovered that an accountant, who had been hired in the past year, was not told about the controls documented in the policies and procedures manual, making the internal controls a moot point.

These are just a couple of examples that show the need to document internal controls. This article will define what internal controls are, discuss why a manual is critical for local government, and outline the steps to develop a manual and the related components.

What is Internal Control?

It is crucial to define what internal control is before delving any further into the topic of an internal control manual. The best and most widely accepted definition of internal control comes from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that was founded in 1992 and issued the Internal Control Integrated Framework.

COSO defines internal control as:

“A process, effected by an entity’s board of directors, management and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.”

This definition translates well to local government entities by simply replacing “board of directors” with “elected officials” in the first line above. The definition also focuses on the fiduciary responsibilities of local government entities to ensure the effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulation.

Why Develop An Internal Control Manual

Government officials are accountable to the public. They have been entrusted with four main fiduciary responsibilities. The first is the responsibility to comply with all federal, state and local laws and regulations. The second is the responsibility to properly handle and safeguard public funds. Their third responsibility is to operate in an efficient and effective manner. Finally, government officials are responsible for achieving results.

The Government Finance Officers Association (GFOA) recommends that every governmental entity document accounting policies and procedures in order to enhance accountability and consistency. GFOA further recommends that this documentation:

  • Delineate the authority and responsibility of all employees, especially the authority to allow transactions and the responsibility for the safekeeping of assets and records
  • Indicate which employees are to perform which procedures
  • Explain the design and purpose of control-related procedures to increase employee understanding and support of controls

Effective internal controls can assist every aspect of government operations by assuring compliance with applicable laws and regulations, safeguarding public funds, ensuring operational effectiveness and efficiency, and monitoring the achievement of results. Good governance through accountability and recommended practice dictate that local government entities develop internal control manuals.

Steps for Developing an Internal Control Manual

As depicted in Figure 1, there are six key steps to developing an internal control manual. It is critical that these steps be followed in the order presented. 

Developing An Internal Control Manual figure 1

Figure 1: Steps to develop an internal control manual

 

With each step, there are several keys that should be considered as presented in Figure 2.

STEPS KEYS
PLAN
  • Gain City Council and Management support.
  • Establish clear objectives and timelines for completion.
  • Select a project team and leader.
  • Determine the format of the manual.
  • Identify processes to include in the manual.
  • Identify process owners.
  • Meet with process owners to notify them of the project and gain their support.
  • Assign team responsibilities.
  • Schedule team check points.
REVIEW
  • Review currently documented policies and procedure.
  • Walk-through "as is" process with the process owner.
  • Document the "as is" process.
  • Validate the "as is" process documentation with the process owner.
EVALUATE
  • Identify existing internal controls in the "as is" process.
  • Determine the adequacy and effectiveness of the existing controls.
  • Identify any missing controls or poorly designed controls.
  • Discuss evaluation results with the process owner and seek input on the design and/or redesign of the process and related internal controls.
DESIGN
  • Redesign the process with adequate and effective internal controls.
  • Walk-through the redesign process with the process owner.
  • Make changes as necessary to the process design.
DOCUMENT
  • Formally document the process and related internal controls.
  • Compile an internal control manual with all processes and controls.
EDUCATE
  • Roll-out the manual and train all affected employees.
  • As appropriate, based on position, make internal Control Manual training part of new hire orientation.
  • Consider periodic refresher training.

Figure 2: Key points to check for each step in developing an internal control manual

Components of an Internal Control Manual

An Internal Control Manual should at a minimum contain the following sections detailed below.

  • Introduction — The introduction should include the purpose, scope and authority of the manual. It should provide a discussion of how to use the manual, as well as whom to contact with questions related to the manual and internal controls.
  • Internal Control Basics — This section should provide a definition of internal control and emphasize the importance of internal controls in the organization. It also should explain management’s responsibility for internal controls.
  • Fraud Awareness — This section should define fraud and its characteristics. It also should identify each employee’s responsibility for fraud reporting, as well as how to report fraud to management.
  • Control Activities — This section is the heart of the manual and should identify procedures and critical internal controls within key processes such as:
    • Revenue (taxes, fines, fees, etc.)
    • Procurement
    • Expense disbursement
    • Human resources and payroll
    • Treasury
    • Financial reporting
    • Fixed assets
    • Regulatory compliance (including grants)

Information Systems and Security

A properly developed and implemented internal control manual will not solve all issues faced by an organization, but it can certainly assist in anticipating, preventing and controlling many problems that could arise.

If you have any questions about your government entity’s internal controls, contact our experts.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Resources
Related News & Insights
General Contractor Trends to Consider in 2022 Webinar
Webinar
Hear from experts how you can better manage your subcontracts — and more.

December 16, 2021 | 10:00 AM - 11:00 AM PT
Environmental, Social and Governance (ESG) and Risk Management
Webinar
How to integrate ESG into your risk management practices and processes.

December 9, 2021 | 10:00 AM - 11:00 AM PT
Demystifying SOC 2 for Small Businesses
Webinar
Learn why a SOC 2 audit is important for startups and small businesses.

December 2, 2021 | 10:00 AM - 11:00 AM PT